CVE-2025-26699 – django

Package

Manager: pip
Name: django
Vulnerable Version: >=4.2 <4.2.20 || >=5.0 <5.0.13 || >=5.1 <5.1.7

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00208 pctl0.43223

Details

Django vulnerable to Allocation of Resources Without Limits or Throttling An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.

Metadata

Created: 2025-03-06T21:31:26Z
Modified: 2025-04-09T20:00:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-p3fp-8748-vqfq/GHSA-p3fp-8748-vqfq.json
CWE IDs: ["CWE-770"]
Alternative ID: GHSA-p3fp-8748-vqfq
Finding: F067
Auto approve: 1